Criminals stop spreading infamous Maze ransomware

The creators of the infamous Maze ransomware say they stop their criminal activities. The hackers have not been infecting new companies since September and have stopped facilitating servers for the malware.

One of the distributors tells Bleeping Computer that the makers will stop their operations, but the makers of Maze themselves say that “more information will follow in a press release.” According to the distributor, Maze will gradually stop spreading the ransomware. The group would no longer infect new networks; that hasn’t happened since September of this year. The website is also said to have been taken offline and all files of companies are being removed from it. The group would now try to extort the last companies and then stop permanently.

According to Bleeping Computer, most of Maze’s affiliates have now switched to new ransomware: Egregor. It has been active since September, which corresponds to the period when Maze would have stopped. Much of Egregor’s code is the same as Maze’s.

Maze was one of the most infamous ransomware variants of the past year. The criminals had been active since mid-2019. Maze distinguished itself by not only encrypting files, but also stealing them. If victims did not pay, the criminals released the files. That provided an extra reason to pay. Maze maintained its own website that contained the documents of non-paying victims. According to Bleeping Computer, that website has since been emptied.

It often happens that criminals stop using ransomware for good; last year, the makers of GandCrab also stopped spreading. In some cases, after stopping their operation, criminals release the decryption keys that allow victims to get their files back. The criminals do not want to tell Bleeping Computer whether that will happen to Maze.